Register Log In

UBB.threads PHP Forum Software Community Forums UBB.classic [Archived] UBB.classic Bugs [NOTABUG] Got past the untaint check!

Print Thread

Hop To

[NOTABUG] Got past the untaint check! #113891 01/30/2005 10:38 PM
Joined: Apr 2004 Posts: 141 O oracleweb member
oracleweb member O Joined: Apr 2004 Posts: 141	w00t! https://www.ubbcentral.com/cgi-bin/ultimatebb.cgi?ubb=recent_user_posts I was viewing a member's recent posts on my forum ( http://www.ianspence.com/cgi-bin/ultimatebb.cgi?ubb=recent_user_posts;u=00000071 ) I then went to check mine. Knowing I'm #1 <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" /> , I deleted the 7 and forgot it had to be 8 numbers long. Anyhoo, I got past the check. I then checked here to make sure it wasn't one of my modifications.

Re: [NOTABUG] Got past the untaint check! #113892 01/30/2005 10:40 PM
Joined: Jun 2006 Posts: 346 Des Moines, IA R Ron M enthusiast
Ron M enthusiast R Joined: Jun 2006 Posts: 346 Des Moines, IA	How did you get past the untaint check? at CGIPath/ubb_profile.cgi line 1142. This can be confirmed on an unmodified 6.7.2 board (mine)

Re: [NOTABUG] Got past the untaint check! #113893 01/31/2005 12:50 AM
Joined: Jun 2006 Posts: 16,447 Likes: 141 Portland, OR; USA Gizmo
Gizmo Joined: Jun 2006 Posts: 16,447 Likes: 141 Portland, OR; USA	Confirmed on my 6.7.2 modified forum; it's kinda fun to add more/less "0's" to the address bar for the user number; it gets past in either direction. I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums. Do you need Forum Install or Upgrade Services? Forums: A Gardeners Forum, Scouters World UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps Longtime Supporter & Resident Post-A-Holic VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!

Re: [NOTABUG] Got past the untaint check! #113894 01/31/2005 1:32 PM
Joined: Jul 2006 Posts: 2,143 David Dreezer Pooh-Bah
David Dreezer Pooh-Bah Joined: Jul 2006 Posts: 2,143	This is the designed behavior - you didn't actually pass in a valid eight digit user number. The code intentionally does not forcefully mangle the number. This thread for sale. Click here!

Re: [NOTABUG] Got past the untaint check! #113895 01/31/2005 11:15 PM
Joined: Jun 2006 Posts: 16,447 Likes: 141 Portland, OR; USA Gizmo
Gizmo Joined: Jun 2006 Posts: 16,447 Likes: 141 Portland, OR; USA	Wouldn't it instead make more sense to state "you have not entered a valid 8 digit member id" vs "you have bypassed the taint check"? I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums. Do you need Forum Install or Upgrade Services? Forums: A Gardeners Forum, Scouters World UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps Longtime Supporter & Resident Post-A-Holic VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!

Re: [NOTABUG] Got past the untaint check! #113896 02/01/2005 10:13 AM
Joined: Jul 2006 Posts: 2,143 David Dreezer Pooh-Bah
David Dreezer Pooh-Bah Joined: Jul 2006 Posts: 2,143	There are no conditions in which an invalid link can be generated to that page. The error isn't meant to be user-friendly, as it's one of those "this can't happen" errors. This thread for sale. Click here!

Re: [NOTABUG] Got past the untaint check! #113897 02/01/2005 12:08 PM
Joined: Jun 2006 Posts: 16,447 Likes: 141 Portland, OR; USA Gizmo
Gizmo Joined: Jun 2006 Posts: 16,447 Likes: 141 Portland, OR; USA	Yeh, but there are many ways that a user can mess a direct link to that page up in a sig/post then whine that the board has a bug lol I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums. Do you need Forum Install or Upgrade Services? Forums: A Gardeners Forum, Scouters World UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps Longtime Supporter & Resident Post-A-Holic VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!

Link Copied to Clipboard

Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.

Graemlin pictures to the shoutbox
by VaGunTrader - 11/14/2025 6:15 PM

How to add embed video function for Youtube ?
by ShiftKnowledge - 11/11/2025 12:44 AM

Forum time/date setting
by Conrad - 11/10/2025 2:03 PM

Icon Images Look Blurry
by ShiftKnowledge - 11/09/2025 7:01 PM

Who's Online observation
by Morgan - 11/09/2025 4:38 AM

Who's Online Now

1 members (Conrad), 19,085 guests, and 358 robots.

Key: Admin, Global Mod, Mod

Random Gallery Image

Latest Gallery Images

test

test
by Gizmo, August 20

Ride safe!

Ride safe!
by Morgan, December 7

Los Angeles

Los Angeles
by isaac, August 6

3D Creations

3D Creations
by JAISP, December 30

Powered by UBB.threads™ PHP Forum Software 8.1.0
(Snapshot build 20250209)